You are currently viewing SemiWiki as a guest which gives you limited access to the site. To view blog comments and experience other SemiWiki features you must be a registered member. Registration is fast, simple, and absolutely free so please, join our community today!
We worry a lot about how to make hardware and software invincible against attack - and then it turns out the OEMs leave the front door open by having major security holes in their system software updaters. Reminds me of flash drive issues - it's not the super-sophisticated attacks you need to worry about. It's the basic "duh" vulnerabilities that will get you, just on statistical likelihood.
We worry a lot about how to make hardware and software invincible against attack - and then it turns out the OEMs leave the front door open by having major security holes in their system software updaters. Reminds me of flash drive issues - it's not the super-sophisticated attacks you need to worry about. It's the basic "duh" vulnerabilities that will get you, just on statistical likelihood.
My impression is that they are bad. But I believe in order for a hacker to attack your PC via those vulnerabilities, most of the situation need to utilize the man-in-the-middle method. It's possible to use man-in-the-middle method but this is much harder than you think in many network environment. One most possible scenario is through the state-sponsored hacking in the regional or countrywide level. For example if you travel to Russia, you just can't assume UPDATE.DELL.COM that's sending data to you is the real one under DELL's administration.
But if we're talking about state-sponsored hacking onto countrywide network level, then there are more serious issues than those problems mentioned in the report.
True - but as a percentage of hacks and in terms of personal economic impact, state-sponsored hacking is a relatively small fish I think. Not to say that state attacks are unimportant, I think they're just a smaller percentage than the financially-motivated hacks.
At least one EDA CEO that I know of will not travel to China with either a laptop or smart phone, because the security risks are too great against being hacked just carrying the devices around in that country.
At least one EDA CEO that I know of will not travel to China with either a laptop or smart phone, because the security risks are too great against being hacked just carrying the devices around in that country.
I assume this is a common understanding that every country tries to hack other countries' computers. During the cold war era, all major players deployed or recruited human spies to spy each other. Now it's been modernized to have computer, network, and data hacking.
So often I'm amused that US government accused China and Russia illegally hack American computers and network. I'm always wondering if we, USA, ever legally hack Chinese or Russian computers?!
Anyway, legal or illegal aside, corporations and individuals need to protect themselves by themselves and can't assume someone else will take care the security for them.
Man in the middle attacks aren't that hard to do: you just need to put an open wifi access point controlled by you[1] somewhere people will log into it.
[1]Probably a ~$150 router with an open-source router firmware like tomato
